Obfuscation makes the cloud work for healthcare

Patient data is sacred when it comes to healthcare. HIPPA tells us so. In virtually every medical practice, cost controls are also sacred, and there are points where regulation and modern tools for reducing IT costs can come into conflict.

Remote and cloud-based record processing is common in many fields, but adoption in healthcare has been slowed by legitimate concerns about liability when sensitive information

Crosses jurisdictional borders

Is touched by individuals whose identity might not be directly known to administrators

For IT executives looking for ways to take advantage of cloud tools and offshoring, data obfuscation can provide a way to send data into the cloud while keeping privacy intact and under control.

What is data obfuscation?

Data obfuscation is a way to take specific pieces of data within a record and change them into something else. In some cases, for example, organizations can run an obfuscation package against the fields containing patient numbers, social security numbers, and names. Each is then replaced by a different piece of data, similar in form but entirely different in content.

With personally identifying content removed, the data can then be processed by third parties and stored in geographically undefined systems without violating HIPPA provisions concerning the security of private patient information.

It’s important to keep in mind that there are two “flavors” of obfuscation, each designed for a specific purpose.

1. Obfuscation for testing and trial deployments

In this application, a team of developers needs to have access to the data to create applications and deploy them successfully. Because they’re not involved with patient treatment, they can’t have access to private information that is identifiable in any way. The key here is that the data is obfuscated in a one-way process—there’s no way to convert it back to the original data.

2. Reversible obfuscation

In the other form of obfuscation, data is transformed into patterns that can’t be identified as belonging to any particular individual so that processing and storage can take place in third-party or international facilities. When processing is complete or data is retrieved from storage, the obfuscation is reversed so that the information is useful again.

Costs

Obfuscation is not a process without cost. In addition to the software (or SaaS implementation), there are performance considerations and costs associated with CPU, network, and storage utilization. Each must be considered and weighed against the cost of forgoing the use of cloud and offshore services. For healthcare IT managers, though, the most important aspect might well be that the obfuscation software and services provide options that aren’t available through other means.